August 27, 2013 23:27 IDT Entry #03 Hook #233018
tdland
Novice
Join Date: 27.8.2013
Posts: 4
IDT entry # 03 hook NTKRNLPA.EXE

This is what AVG picked up and it says that I have to remove it manually. I have absolutely NO IDEA how to go about doing this.
It apparently has something to do with a root-kit. Whatever that is. :confused:

Any advice would be greatly appreciated.

August 29, 2013 08:37 Re: IDT Entry #03 Hook #233084
Pokornyz
Administrator
Join Date: 29.11.2010
Posts: 8245
Hello tdland,

In order to analyze your issue please provide us with more information (AVG scan result export, Msinfo output, GMER scan result).

Thank you.



AVG Team
How-To articles | FAQ | Free Support
August 29, 2013 12:02 Re: IDT Entry #03 Hook #233101
chinapig
Novice
Join Date: 29.8.2013
Posts: 3
Same thing - newbie here..

Just came across this, & I have an almost identical scan result! Hope it's not too presumptuous of me to post my logs without being asked??
Spybot finds nothing, malwarebytes nothing, mbar nothing, AVG rescue disk nothing, but the Gmer scan does have a reference to IDT entry#03, & some weird stuff down the end, along with 'unknown MBR code' for disk0!
Anyone help? Please??
September 1, 2013 09:09 Re: IDT Entry #03 Hook #233182
kpedro
Novice
Join Date: 1.9.2013
Posts: 3
Hi all, I have been reading your questions re IDT entry #03 Hook. I now have the same issue. I have attempted to use the AVG Support to get assistance but have not been able to get help on the solution yet. I have supplied reports etc. but no solutions have yet been suggested/supplied. Is anyone able to tell what this virus is and what it does? At the moment it seems to have really affected my laptop speed and its startup speed. Any knowledge on this will be most appreciated. - Thanks
September 1, 2013 11:59 Re: IDT Entry #03 Hook #233186
BIG AL 43
Moderator
Join Date: 19.6.2014
Posts: 0
@ kpedro

Please provide the info requested in Pokornyz's post #233084.


AVG Forums Volunteer Moderator
AVG Forum member since - Nov. 27, 2004
My total posts on the Old AVG Free Forum - 27,063
Alan
How-To Articles | FAQ | Free Support
September 2, 2013 07:09 Re: IDT Entry #03 Hook #233204
kpedro
Novice
Join Date: 1.9.2013
Posts: 3
Thank you for your enquiry. I have attached the latest GMER Scan and the AVG Scan as requested.
September 2, 2013 07:26 Re: IDT Entry #03 Hook #233205
kpedro
Novice
Join Date: 1.9.2013
Posts: 3
Hi BIG AL 43
I have also attached the initial AVG Report. Many thanks for your help.
Thanks Kpedro
September 6, 2013 12:57 Re: IDT Entry #03 Hook #233398
Pokornyz
Administrator
Join Date: 29.11.2010
Posts: 8245
Hello all,

Please use AVG Rescue CD and restore your MBR as described here (refer to Offline mode using AVG Rescue CD). Then, scan the system using AVG Rescue CD and remove detected threats.

Should the infection be still present after restart, please provide us with new GMER anti-rootkit scan result and new AVG full computer scan result export. Also, please provide us with a screenshot of your partition table listing as follows:
1. Run the AVG Rescue CD.
2. Switch to the Linux terminal by the left ALT + F2 key combination.
3. Login as the root user.
4. Execute the fdisk -l command.
5. Take a picture of your screen and attach it to your reply.
6. Use the left ALT + F1 key combination to switch back to the AVG Rescue CD menu.

Thank you.



AVG Team
How-To articles | FAQ | Free Support
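
The MBR restore and partition-table listing requested above can be cross-checked by reading the first disk sector directly. The following is an added example, not part of the original post or of AVG's tooling: it checks the 0x55AA boot signature, lists the used partition slots and hashes the boot-code area. The function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0..439: boot code
TABLE_OFFSET = 446         # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"    # bytes 510..511 of a valid MBR
ENTRY = struct.Struct("<B3xB3xII")  # status, CHS, type, CHS, LBA start, sector count


def parse_mbr(sector: bytes) -> dict:
    """Return signature validity, a boot-code hash and the used partition slots."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need the full 512-byte first sector")
    partitions = []
    for slot in range(4):
        status, ptype, lba_start, sectors = ENTRY.unpack_from(
            sector, TABLE_OFFSET + slot * ENTRY.size)
        if ptype == 0x00:                      # type 0 marks an unused slot
            continue
        partitions.append({
            "slot": slot + 1,
            "bootable": status == 0x80,
            "status_ok": status in (0x00, 0x80),  # other values are malformed
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return {
        "signature_ok": sector[510:512] == SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def build_sample_sector() -> bytes:
    """Constructed sample: zeroed boot code and one bootable type-0x07 entry."""
    sector = bytearray(SECTOR_SIZE)
    ENTRY.pack_into(sector, TABLE_OFFSET, 0x80, 0x07, 2048, 204800)
    sector[510:512] = SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    report = parse_mbr(build_sample_sector())
    print("signature ok:", report["signature_ok"])
    print("boot code sha256:", report["boot_code_sha256"])
    for p in report["partitions"]:
        print(p)
```

To inspect a real disk, pass a saved copy of its first 512 bytes to `parse_mbr`; comparing `boot_code_sha256` from before and after an MBR restore shows whether the boot code actually changed.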
September 7, 2013 14:31 Re: IDT Entry #03 Hook #233435
chinapig
Novice
Join Date: 29.8.2013
Posts: 3
restoring MBR..

Thanks for your attention & instructions. I followed the off-line route, using the AVG rescue disk, & since my computer doesn't show any obvious signs of infection, hoped it had fixed the problem. But, as you can see from the attached logs, all is still as it was :(

Command line stuff doesn't come easily to me, so I ran the fdisk -l option with some trepidation! The only way I could figure to get a picture of the screen to send you was to use a camera - I hope you can make it out. Not sure if all the info is there as there's lots about a 400GB disk which is a raid array of 2x200GB for audio files, & nothing to do with the system disk. Even so, it looks a bit of dog's breakfast to me ('this is not a valid partition table' etc)!

Thanks for your attention.

Dave
September 9, 2013 20:40 Re: IDT Entry #03 Hook #233540
isaacdavid
Novice
Join Date: 9.9.2013
Posts: 3
I'm getting exactly the same error in my scan. I've used the AVG Rescue CD to restore the MBR and the CD-based scan tells me there are no infections. However, once Windows starts up, the installed AVG scan still displays the message about the IDT entry #03.

I tried a scan with GMER 2.1, but before the scan could complete, I got a blue screen event telling me there was something wrong with an essential process. So, I ran GMER 2.1 for a limited period, then a complete scan with GMER 1.0.14.

The attached .zip file contains the 2 GMER logfiles, 2 screenshots of AVG showing the infection, msinfo, and a file containing formatted output from fdisk run from the Rescue CD (fdisk.txt). The .zip file is encrypted with my e-mail address.

Hope that helps.

Isaac David